
Weekly Computer Security News Highlights > 4th May – 8th May 2009

by Sarah on May 12, 2009


PC Tools News

Cybercrooks Target ‘Digitally Active’

3 May 2009 | PC Advisor by Carrie Ann Skinner

Younger Internet users who are ‘digitally active’ and use the Web for mostly social interaction are most at risk of cybercrime, says PC Tools. According to the security vendor, recent research revealed that 18- to 32-year-olds are the most social Web users with 59 percent regularly using instant messaging and 67 percent frequently visiting social networking sites such as Facebook. When they’re not social networking, 57 percent of 18- to 32-year-olds are using the Web for online banking.

Young internet users run higher cybercrime risks – survey

4 May 2009 | The Paypers

Social networking sites, instant messaging services, online music and video shopping websites all run the risk of being used by cybercriminals in order to trick users into downloading malware into their computers, thus making them vulnerable to identity theft. The survey thus indicates that 59 percent of internet users aged 18 to 32 regularly use instant messaging services, 67 percent of users in the same age group frequently visit social networking sites such as Facebook, while 57 percent of 18 to 32-year-olds use the internet to carry out online banking activities. The survey was carried out by Australian software company PC Tools.

Comprehensive Data Protection Spyware steals your data!

4 May 2009 | Chip Online (Poland)

Our test shows whether you need special tools to fight spyware or whether a normal anti-virus scanner offers sufficient protection. Other programs identify threats only on the basis of signatures. And here the results are completely disappointing: none of them identified even half of the spyware – Spybot and Spyware Doctor identified less than one-tenth. To test this, we decided to install a few popular programs on the system (e.g. Adobe Reader, iTunes, Daemon Tools, and Microsoft Office 2007) and to test how the anti-spyware programs respond to them. Only Norton, Spyware Doctor and Windows Defender did not report any problems.

Threat Update

Botnet hijacking reveals 70GB of stolen data

4 May 2009 | The Register by Dan Goodin

Security researchers have managed to infiltrate the Torpig botnet, a feat that allowed them to gain important new insights into one of the world’s most notorious zombie networks by collecting an astounding 70 GB worth of data stolen in just 10 days. During that time, Torpig bots stole more than 8,300 credentials used to login to 410 different financial institutions, according to the research team from the University of California at Santa Barbara.

Related News:

Researchers hijack Torpig botnet (5 May 2009 | PC Authority by Shaun Nichols)

Botnet hijack: Inside the Torpig malware operation (4 May 2009 | ZDNet by Ryan Naraine)

Torpig Botnet Hijacked Dissected (4 May 2009 | Slashdot)

Botnet probe turns up 70g of personal, financial data (4 May 2009 | IDG News Services by Jeremy Kirk)

Botnets grow by 50 per cent (5 May 2009 | Web User News)


McAfee website visited by plague of security locusts

5 May 2009 | The Register by Dan Goodin

McAfee’s website has been hit by at least three nasty bugs that left its customers susceptible to phishing and other types of scams. At least one remained unfixed at time of writing, more than 24 hours after it was first disclosed. The most serious vulnerability, ironically enough, affected McAfee Secure, a service that certifies the security of sites that conduct ecommerce and other sensitive transactions. Mike Bailey of the Skeptikal.org blog found the site suffered from a CSRF. (Comments by McAfee)

Related News:

McAfee blasted for having holes in its Web sites (5 May 2009 | CNET News by Elinor Mills)

Story on McAfee Security Hole Triggers Another (5 May 2009 | PC World by Erik Larkin)

McAfee Sites Vulnerable To XSS Attack (5 May 2009 | Slashdot)


Koobface tries CAPTCHA Breaking

3 May 2009 | Sophos Labs Blog by Joey Costoya

Early this week, we’ve encountered a new Koobface spam campaign which involved links that eventually led users to this Youtube copycat web page. The scheme uses the old flash player trick (see Figure 1) where the user is told that they need to download the latest version of Adobe Flash Player to view a certain video. In this case, the Flash Player in the page is an actual Flash .SWF file, which will redirect users to a file named setup.exe detected by Trend Micro as TROJ_KOOBFACE.DU through the Smart Protection Network.

Facebook security criticised

1 May 2009 | Web User News

Facebook’s security procedures have been called into question by Finnish security firm F-Secure. Security questions used by Facebook to protect accounts are too obvious and are about topics that many friends and associates of the account holder could know, F-Secure said. In a social network, asking questions such as ‘what is your mother’s maiden name?’ and ‘what street did you grow up on?’ is not a strong enough way of protecting accounts, F-Secure argued. (Comments by F-Secure)

Related News:

Facebook fends off two days of phishing attacks (1 May 2009 | CNET News by Elinor Mills)

Facebook confirms ‘Fakebook’ phishing attacks (1 May 2009 | IT PRO by Asavin Wattanajantra)

Go Phish! How to Guard your Privacy on Facebook (2 May 2009 | PC World by Jake Widman)


Lame Mac ‘email worm’ limps into view

6 May 2009 | The Register by John Leyden

Virus writers have created a worm that seeks to establish a botnet of compromised Mac machines. But the Tored Mac worm, which attempts to spread via email, is so hopelessly buggy and lame that it’s about as likely to score as Steve Ballmer at an Apple convention. Strains of Mac malware are, of course, dwarfed by factors that run into the hundreds of thousands, if not millions, by types of Windows-specific viruses. The small, although growing, number of Mac malware strains that do exist are typically Trojans that pose as video codecs or pirated versions of iWork.

Related News: Mac worm poses little risk, represents cross-platform innovation (5 May 2009 | SC Magazine US by Angela Moscaritolo)

Windows 7 RC’s Flaw Puts Users at Risk

7 May 2009 | PC World by Gregg Keizer

Windows 7 Release Candidate (RC) continues a long-running Microsoft practice that puts users at risk, a security researcher said Wednesday. The new operating system’s Windows Explorer file manager still misleads users about the true extension of a file, said Patrik Runald, chief research advisor at Helsinki-based F-Secure Corp. Rather than reveal the full extension for a filename, Windows Explorer hides the extension for known file types, giving hackers a way to disguise malware by using those file types’ extensions and icons. (Comments by F-Secure)

Related News:

Windows 7 at risk from legacy flaw, F-Secure says (6 May 2009 | CNET News by Tom Espiner)

Windows 7 RC ignores file extension security risk (6 May 2009 | Computer World by Gregg Keizer)

Leaked copies of Windows 7 RC contain Trojan (4 May 2009 | Computer World by Gregg Keizer)


Cybercrooks develop own search engines to burgle users

7 May 2009 | Computer Weekly by Ian Grant

Cybercriminals are creating specialised search engines to drive users to malicious websites created to distribute malware, reports a security research firm. This reflects the growing professionalisation of cybercrime, said Madrid-based PandaLabs. One malicious search engine it found has already been used by around 195,000 people, whose PCs could now be infected. Previously, cybercrooks would use malicious SEO (search engine optimisation) or “blackhat SEO” techniques to improve the ranking of their pages among popular search engines. (Comments by PandaLabs)

Related News: Cybercriminals promoting malware-friendly search engines (7 May 2009 | Dancho Danchev)


Swine flu-email in Spanish links to data-stealing Trojan

1 May 2009 | CNET News by Elinor Mills

An e-mail referencing a vaccine for swine flu is circulating that includes a link to a malicious file on a Mexican Web site that is designed to steal bank log-in information, security firm SonicWall said on Friday. The e-mail, which is in Spanish, has a link to the Qhost.NJI Trojan on a Web site that appears to be legitimate but has probably been hacked, said Nick Bilogorskiy, manager of antivirus research at SonicWall.

Related News: Swine flu spam leveling off, but attacks continue (1 May 2009 | SC Magazine US by Dan Kaplan)

Mac bomb ticks for security smug users

1 May 2009 | Computer World by Darren Paull

The idée fixe that Macintosh is impervious to attack could be shattered if cyber-criminals act on their arsenal of 0-day exploits, security experts say. Hackers need only a few critical vulnerabilities, common to all operating systems including the security-focused OpenBSD, to craft a successful attack. Pure Hacking senior security consultant Chris Gatford said hackers may retain 0-day Macintosh vulnerabilities unknown to the industry and exploit them at an opportune time. “It’s only a matter of a time before Macs get more market share and become a more viable target,” Gatford said.

Microsoft MSRT Releases Eight New Malware Families for H2-2008

5 May 2009 | SPAMfighter

Microsoft Security Intelligence Report (Edition 6) included 8 new families of malware to the list of MSRT in H2-2008. These families were added as the Microsoft researchers believed that these are or will be ubiquitous enough to rationalize their involvement in the list of MSRT New Families in H208. As per Microsoft, these families operate on several thousand systems around the globe every month. Win32/Horst attacked around 235,318 systems during July 2008. The real motive of this family was to send spam. In general, the content of spam messages promoted online pharmacy retailers.

Update: Strike Fighter data was leaked on P2P network in 2005, security expert says

5 May 2009 | Computer World by Jaikumar Vijayan

Data on the Pentagon’s Joint Strike Fighter aircraft that was recently reported as being illegally accessed by foreign cyberspies has been available for more than four years on a peer-to-peer file-sharing network, the CEO of a software vendor said at a legislative hearing today. The Wall Street Journal last month reported that hackers — possibly based in China — had broken into U.S. Department of Defense computers and downloaded terabytes of data containing design information about the $300 billion stealth fighter currently under development.

Audit: air traffic systems vulnerable to attack

6 May 2009 | AP by Lolita C Baldor

The nation’s air traffic control systems are vulnerable to cyber attacks, and support systems have been breached in recent months allowing hackers access to personnel records and network servers, according to a government audit. The Transportation Department’s inspector general concluded that although most of the attacks disrupted only support systems, they could spread to the operational systems that control communications, surveillance and flight information used to separate aircraft. The report noted several recent cyber attacks, including a February incident.

Hackers Break Into Virginia Health Professions Database

4 May 2009 | Security Fix by Brian Krebs

Hackers last week broke into a Virginia state Web site used by pharmacists to track prescription drug abuse. They deleted records on more than 8 million patients and replaced the site’s homepage with a ransom note demanding $10 million for the return of the records, according to a posting on Wikileaks.org, an online clearinghouse for leaked documents. Wikileaks reports that the Web site for the Virginia Prescription Monitoring Program was defaced last week with a message claiming that the database of prescriptions had been bundled into an encrypted, password-protected file.

Related News: Hackers demand $10m ransom for Virginia medical data (5 May 2009 | The Register by Dan Goodin)

LexisNexis says its data was used by fraudsters

2 May 2009 | IDG News Services by Robert McMillan

LexisNexis acknowledged Friday that criminals used its information retrieval service for more than three years to gather data that was used to commit credit card fraud. LexisNexis has started warning about 32,000 people that “a few” customers used its service to help them illegally obtain credit cards. “These individuals were operating businesses that at one time were both ChoicePoint and LexisNexis customers,” the company said in a notification letter that it began sending out Friday.

Related News: USPS Probes Security Breach (1 May 2009 | CBS News by Ariel Bashi)

Industry News

Phished Facebook accounts pass along malware

7 May 2009 | CNET News by Elinor Mills

At least one Facebook account that was hijacked in phishing attacks last week was used to send out spam directing people to a malware site, according to the social-networking company. Some Facebook users reported receiving messages on Thursday that said “look at mygener.im” and contained a link leading to a site that appeared to be hosting adware, said Facebook spokesman Barry Schnitt. Adware is software that automatically displays or plays ads on a computer once it has been installed and can be used to spy on computers. “We think it’s adware,” Schnitt said. “It doesn’t appear to be self-propagating. We are still investigating.”

F-Secure warns over Windows 7 security risk

7 May 2009 | PC Advisor by Gregg Keizer

Windows 7 Release Candidate (RC) continues a long-running Microsoft practice that puts users at risk, a security researcher said on Wednesday. The new operating system’s Windows Explorer file manager still misleads users about the true extension of a file, said Patrik Runald, chief research advisor at Helsinki-based F-Secure Corp. Rather than reveal the full extension for a filename, Windows Explorer hides the extension for known file types, giving hackers a way to disguise malware by using those file types’ extensions and icons. (Comments by F-Secure)

Related News:

Microsoft doctors AutoRun in Windows 7 to stymie Conficker (1 May 2009 | Computer World by Gregg Keizer)

Microsoft rethinks AutoPlay to counter growing threat of malware (30 April 2009 | Hexus by Parm Mann)

Microsoft: We’re not ditching Vista until at least 2011 (4 May 2009 | Computer World by Gregg Keizer)


Conficker hype obscures sneaky botnet growth

6 May 2009 | The Register by John Leyden

Spammers and other cybercrooks are rebuilding their arsenal of compromised machines after suffering a setback with the takedown of cybercrime-friendly ISP McColo last November. Botherders have taken control of 12 million new IP addresses in the first quarter of 2009, a 50 per cent increase since the last quarter of 2008, according to a net security report from McAfee. The infamous Conficker superworm has occupied all the headlines, and makes a big contribution to the overall figure of pwned Windows PCs, but other strains of malware collectively make a big contribution to the number of compromised PCs.

FBController allows for hijacking of Facebook accounts

6 May 2009 | CNET News by Elinor Mills

A computer security enthusiast in India has released a tool designed to allow people to take complete control of strangers’ Facebook accounts if they can get hold of the targets’ session cookies. It also could be used to manage large quantities of hijacked accounts. FBController analyzes the communications that Facebook has with computers when they interact with the site and uses that information, along with the cookie data, to allow for accounts to be hijacked, said 26-year-old Azim Poonawala, who wrote the tool and provides details on his blog.

Critical security hole in Google Chrome

6 May 2009 | ZDNet by Ryan Naraine

For the second time in two weeks, Google has shipped a new version of its Chrome browser to fix a pair of serious security vulnerabilities. One of the two flaws carries a “critical” rating because of the risk of code execution with the privileges of the logged on user. CVE-2009-1441: Critical. A failure to properly validate input from a renderer (tab) process could allow an attacker to crash the browser and possibly run arbitrary code with the privileges of the logged on user. To exploit this vulnerability, an attacker would need to be able to run arbitrary code inside the renderer process.

Related News: Safari, Opera Users Lag Behind in Security Updates (5 May 2009 | Washington Post by Brian Krebs)

Netbooks, cloud to be winners this year

5 May 2009 | iTnews Australia by Nate Cochrane

Gazing into its crystal ball, analyst International Data Corporation predicts “pockets of opportunity” for the IT industry in an otherwise gloomy outlook this year. Buyers slashing budgets will spur the growth of emerging technologies such as cloud computing and netbooks bundled with mobile service plans, IDC said today in its annual list of predictions for the year ahead. And Green IT will be an incidental beneficiary as organisations find smarter ways to do their computing in the data centre.

Related News:

Cloud Security Alliance (4 May 2009 | VNUNet by (Video Interview))

The legal implications of cloud security (5 May 2009 | Network World by Tim Greene)

Cloud security will supplant patching, says report author (1 May 2009 | Techworld by John E Dunn)

Top ten worst viruses

2 May 2009 | VNUNet by Ian Thomson and Shaun Nichols

Unless you’ve been living in a cave for the last week, you’ve witnessed the wholesale hysteria being launched over the recent Swine Flu outbreak. All this panic over a simple strain of flu got us thinking about some of the more virulent computer pandemics that have hit in recent years. While a computer virus pales in seriousness to a human outbreak, malware attacks can still take a huge toll on businesses throughout the world.

US spy boss pushes for unified cyber-command center

6 May 2009 | The Register by Dan Goodin

The US military wants to create a unified digital command center in Maryland as part of a push to reorganize its offensive and defensive cyber operations. The center would be located at the Army’s Fort Meade and would be a sub-unit of the US Strategic Command, Lieutenant General Keith Alexander, director of the National Security Agency, told a House Armed Services subcommittee on Tuesday. Its mission would be to protect the US military computers by blending offensive and defensive capabilities of the Pentagon and the NSA.

Related News:

US cybersecurity proposals upset lobby group (5 May 2009 | IDG News Services by Grant Gross)

Critics argue against a White House security lead (4 May 2009 | Computer World by Jaikumar Vijayan)

US Congress wants hack teams for self-penetration (1 May 2009 | The Register by Dan Goodin)

Call for global cyberthreat solution (6 May 2009 | SC Magazine US by Angela Moscaritolo)

Twapple? Let’s Recap a Dozen Other Apple Acquisitions That Aren’t Going to Happen

5 May 2009 | Technologizer by Harry McCracken

Owen Thomas of Valleywag has published a rumor which is both wildly entertaining and wildly improbable: Apple is supposedly in negotiations to buy Twitter for $700 million. What’s the alleged rationale? Well, Owen says that Apple is making dough as people snap up Twitter clients for the iPhone from the App Store. But A) it would take a heck of a lot of $2.99 copies of Tweetie to come up with $700 million; and B) as Owen points out, Apple will make money from Twitter clients whether or not it owns Twitter.

Increasing Internet security for average users

7 May 2009 | Network World by M.E. Kabay

Getting users involved in protecting their home systems and those of their families and friends is good for everyone. In that connection, my friend and colleague in the MSIA Program at Norwich University, Adjunct Professor Kip Boyle, wrote to me recently about his new blog and I invited him to share his news with readers of this column. What follows is entirely Kip’s own work with minor edits. One day, while working hard as the chief information security officer at an insurance company, I realized that much of our organization’s network security was in the hands of ordinary users of our computers.

ILOVEYOU Worm Turns Nine

4 May 2009 | PC Magazine by Larry Seltzer

Today, or somewhere nearby, is the 9 year birthday of the ILOVEYOU worm. Find a detailed history and description of it in Graham Cluley’s blog for Sophos. ILOVEYOU was a major event, perhaps the first really major malware event on the Internet. There had been others before, including Melissa, which must have been a technical inspiration for ILOVEYOU, but ILOVEYOU hit a lot of people. Click here for the technical description of the initial ILOVEYOU, also known as Love Letter and a bunch of other names. The subject line was “ILOVEYOU” and the body of the message was “kindly check the attached LOVELETTER coming from me.”

Internet threats rise by two-thirds in April

4 May 2009 | IT News Australia by Phil Muncaster

The number of web-based threats soared by nearly two-thirds in April, according to new figures from managed security vendor Network Box. The firm said that the 63 per cent rise in internet threats was due in large part to phishing attacks, which represented one in four of the threats.

Simon Heron, internet security analyst at Network Box, warned that users should be on high alert.

“The level of malware has leapt up this spring, and we expect to see a high level of attacks continue,” he said. (Comments by Network Box)

Adobe to patch Reader and Acrobat flaws

4 May 2009 | PC Advisor by Jeremy Kirk

Adobe Systems expects to have patches ready to fix the latest flaws in Acrobat and Reader by next week. “We are in the process of fixing the issue and expect to make available product updates for the relevant supported Adobe Reader and Acrobat versions and platforms by May 12th,” wrote David Lenoe, a security program manager, on Adobe’s security blog.

The update will fix the problem in versions 7.x, 8.x and 9.x for Reader and Acrobat on Windows, versions 8.x and 9.x of Reader and Acrobat for Macintosh, and Reader versions 8.x and 9.x for Unix.

Related News: Adobe plugs hole in Flash Media Server (1 May 2009 | ZDNet by Ryan Naraine)

Experts Chart Spike in Cyber Sieges

1 May 2009 | Washington Post by Brian Krebs

Cyber attacks with enough firepower to knock entire countries off the Internet have spiked in recent months, raising fresh concerns within the security community about weaknesses in the Internet infrastructure that help create such weapons of mass disruption. These “distributed denial of service” or DDoS attacks use robot networks or “botnets” — many hundreds or thousands of compromised PCs — to flood targets with so much junk traffic that they can no longer accommodate legitimate visitors.

Twitter needs a top-down security rethink

1 May 2009 | threatpost

Twitter co-founder Biz Stone says the company “takes security very seriously” but the details behind the micro-blogging site’s recent hack show that Twitter is light years away from having the most basic security controls in place. As it turns out, the Twitter admin who had his Yahoo mail hijacked via the secret question was Jason Goldman, who tweeted about it several times. This isn’t the first time a stray Twitter admin’s password turned into a security embarrassment and it makes one wonder if the company has given any thought to securing the privacy (and, sometimes, anonymity) of its growing user base.

Spam down but zombies up, says McAfee

7 May 2009 | News.com.au

HACKERS appear to be beefing up armies of zombie computers to recover from a major hit scored in the battle against spam email, according to software security firm McAfee. A McAfee report said that during the first three months of this year, nearly 12 million new computers were added to the ranks of machines infected with malware that lets cybercriminals use them to spew spam. The ominous news came with word that the amount of spam dropped 20 per cent during the same period, evidently as a result of the elimination of a “McColo” spam-generating operation late last year. (Comments by McAfee)

Identity theft a real threat

3 May 2009 | The Star Online

IF you think there is nothing wrong with receiving unsolicited calls, text messages or e-mails, think again. Someone in possession of your name, contact number and place of work may be able to steal your identity. Chia Wing Fei, the security response manager of F-Secure Security Labs, says that with this baseline information, someone could easily gather more particulars. “There are a few ways of doing this – passive information reconnaissance over the Internet, pretexting or phishing,” he says. (Comments by F-Secure)

Security Manager’s Journal: Watching the evolution of threats from the trenches

4 May 2009 | Computer World by J.F. Rice

Recent security incidents at my company have gotten me thinking about the state of information warfare. Electronic break-ins are progressing in a direction that makes me fear that the nature of the threats is changing. Only a couple of years ago, incidents were largely virus- and worm-related. Although an outbreak of network-borne malware could bring a company’s IT infrastructure to its knees, sometimes for days, those were never targeted attacks. Most were simply the random exploitation of flaws in popular operating systems, browsers or software, perpetrated by what we imagined were bored teenagers.

Why the US won’t extradite the ‘Cisco Hacker’

7 May 2009 | Techworld by John E Dunn

He is accused of hacking crimes that are similar to those of Gary McKinnon, and yet the so-called ‘Cisco hacker’, Philip Gabriel Pettersson, is unlikely to be extradited to the US to face his accusers. Why? McKinnon, of course, has been fighting his extradition to the US to face charges over alleged hacking of US military and other systems in the aftermath of the 2001 attacks on New York. We’ve pointed out before how unbalanced these charges are in relation to the crime of penetrating atrociously-secured systems, and why he could more fairly and effectively be sent for trial under UK law.

Patch Tuesday: Fix coming for PowerPoint zeroday

7 May 2009 | Dancho Danchev by Ryan Naraine

Exactly one month after malicious hackers started using rigged PowerPoint files to launch targeted attacks, Microsoft announced plans to ship a “critical” bulletin affecting its flagship presentation program. The PowerPoint update is the only bulletin scheduled for this month’s Patch Tuesday on May 12, 2009. It is rated “critical” (remote code execution) for all supported versions of Microsoft PowerPoint 2000 through 2007. The full list of affected software and severity ratings is available in this Microsoft advance notification. In a pre-patch advisory issued last month, Redmond confirmed the zero-day flaw and described the attacks as “limited and targeted.”

FBI agent reveals details of cybercrime sting

7 May 2009 | CNET News by Elinor Mills

In September 2008, police in the US began arresting alleged members of DarkMarket, an underground internet forum for buying and selling credit-card data used for identity fraud. The sting would not have been possible without the work of FBI agent J Keith Mularski, who spent two years infiltrating the group. Mularski became hacker ‘Master Splynter’, a play on the name of the Teenage Mutant Ninja Turtles character called ‘Master Splinter’, a rat who lives in New York City’s sewers. He was so successful in his online disguise that he ended up running the server that hosted the DarkMarket forum from his offices at the National Cyber-Forensics & Training Alliance in Pittsburgh, Pennsylvania.

Apple to reap reward of stronger consumer confidence, survey says

1 May 2009 | Computer World by Gregg Keizer

The first uptick in consumer confidence in 17 months is good news for Apple Inc., market research firm ChangeWave said yesterday. According to Paul Carton, ChangeWave’s research director, the company’s April survey of 3,200 consumers showed a two-point increase, from 6% to 8%, in the number of people who said they planned to buy a laptop in the next 90 days — the first gain since November 2007.

James Butler and Peter Silberman talk malware

1 May 2009 | threatpost (video)

James Butler and Peter Silberman of MANDIANT talk with Threatpost’s Robert Vamosi about malware and their new memory forensic software, Memoryze.

Control spam with disposable e-mail addresses

2 May 2009 | Earth Times

Spam now accounts for over 90 per cent of all e-mail received, according to a recent study by US-based Panda Labs, a company that makes Internet security products. But you probably don’t need an official study or a company to tell you just how troublesome spam has become. All you need to do is look at your inbox – or, if you employ some kind of anti-spam software, your Spam folder. Most anti-spam software doesn’t really get rid of the problem of spam, however.

Blunkett scaremongering about Olympic terrorism?

7 May 2009 | IT PRO by Asavin Wattanajantra

A senior Symantec threat researcher has disagreed with MP David Blunkett’s suggestion that there could be a severe cyber attack during the London Olympics of 2012. Candid Wüest said that it was certain that the London Olympics would be a target for cybercrime, but when it came to the risk of a larger scale terrorist attack, Wüest questioned who would be motivated to do it and what they would accomplish. “I definitely think there will be lots of scams going around – trying to sell false tickets, get credit card information – but that’s not really a [severe] cyber crime attack,” he said.

Security breach cost Heartland $12.6 million so far

7 May 2009 | Network World by Ellen Messmer

Heartland Payment Systems today reported that the security breach it disclosed earlier this year has cost the company about $12.6 million so far, including legal costs and fines from MasterCard and Visa, which directly contributed to a $2.5 million loss for the quarter. Heartland also detailed plans to protect its credit- and debit-card processing network with an end-to-end encryption system that it will begin rolling out with its merchants in the third quarter. “We are in a cybercrime arms race,” said Bob Carr, Heartland’s chair and CEO, in explaining why Heartland intends to deploy the custom-built encryption equipment.

Image spam spikes

5 May 2009 | SC Magazine US by Chuck Miller

Image spam is making a comeback, making up almost 22 percent of all unsolicited mail, according to IBM’s X-Force research team. Much of the spam involves messages pushing pharmaceutical products, researchers Ralf Iffert and Holly Stewart said Monday. Two years ago, most image spam, in which the payload is carried in an embedded image, focused on stock trading, but that is no longer as lucrative. The focus on drugs is likely a way to prey on people who seek help in dismal economic times, the researchers said.

NKorea builds up cyber warfare unit: officials

5 May 2009 | Yahoo News

North Korea has strengthened its cyber warfare unit, increasing the country’s ability to launch a computer attack on South Korea and the United States, officials and a report said. South Korea’s Yonhap news agency cited official sources saying that the North has a “technology reconnaissance team” dedicated to collecting information and disrupting US and South Korean military computer networks. The team now has about 100 hackers, mostly graduates of a military academy in Pyongyang, it said.

Safe and secure

4 May 2009 | Computer Active by Will Stapley

Acting as a gateway between your PC and the internet, a firewall is an essential security tool that no computer should be without. If no firewall is used, your PC will be left highly vulnerable to attack from a variety of sources – it could even end up being used for malicious purposes, such as sending out spam email. In this Back to Basics feature, we explain why firewalls are so important, how they work and what you can do with them. And, if you don’t already have one, we’ll point you in the direction of some free firewalls.

Our security model is broken

5 May 2009 | threatpost (Video)

This Google TechTalk features Rik Farrow, a longtime security consultant and author, discussing the fundamental flaws in the current security model on the Internet and the desktop.

 

Web filters threaten national security

4 May 2009 | Computer World by Darren Paull

Internet heavyweights have attacked the federal government’s Internet content filtering plans and claimed it opens vulnerabilities that could threaten national security. Renowned security experts reproached the Australian government for pushing ahead with the national clean-feed Internet scheme. They say a nation-wide Internet filtering is both technically infeasible and morally reprehensible, and have called on the public to disrupt the government’s plans if they are actioned after the current trials.

Australia to invest in cyber war capabilities

4 May 2009 | ARN by Trevor Clarke

Australia will develop greater cyber warfare capabilities as part of a $70 billion strategy announced in a Federal Government whitepaper at the weekend. In its first defence whitepaper for 10 years, the Government said it will establish a Cyber Security Operations Centre within the Defence Signals Directorate (DSD) staffed by Defence force and Defence Science and Technology Organisation (DSTO) personnel to coordinate responses to cyber threats. “Our national security could potentially be compromised by cyberattacks on our defence, wider governmental, commercial or infrastructure-related information networks.

Opposition party highlights flaw in UK govt data plans

4 May 2009 | ZDNet Asia by Tom Espiner

Opposition party members in the United Kingdom are concerned about the possible misuse of communications data by local authorities, if a proposed law to monitor Web and phone communication data is adopted. James Brokenshire, Conservative shadow home affairs minister, told ZDNet Asia’s sister site ZDNet UK last week that access rights to communications-traffic data should be strictly controlled to stop local authorities using the data for unnecessary surveillance purposes. “Potentially 600 agencies will get access to this data,” said Brokenshire. “We are very concerned about the ‘dustbin Stasi’.”

Verdict on Infosecurity Europe 2009

30 April 2009 | David Lacey’s IT Security Blog

Overall, I thought it a definite success. The feedback I received from both vendors and visitors was positive. The new venue was bigger and quieter (in most places). The programme was wide ranging and entertaining, even a little “edgy” at times. The Hall of Fame expert panel, in particular, was a classic session: lively, controversial and entertaining. The issues raised throughout the conference were relevant, interesting and thought provoking. I now see electronic voting and DNS in a new light.

 

Economy could be bad for IT security

1 May 2009 | IDG News Services by Grant Gross

Now there’s another fallout from the global recession: we could see a rise in malware. That’s according to a survey of US government chief information security officers (CISOs) who believe that the economic climate could hurt their ability to do their jobs. But it’s not all bad news. Some federal CISOs see some opportunities in the difficult economic times, with 48 percent of those responding saying the economy will make it easier to retain key security workers.

NASA hacker Tenenbaum agrees to US extradition

1 May 2009 | The Register by John Leyden

NASA hacker turned credit card fraud suspect Ehud Tenenbaum has agreed to surrender to US justice, The Calgary Sun reports. Tenenbaum (AKA The Analyzer) will face the courts in the US, not those in Canada where he is being held on detention, over allegations he masterminded a multi-million dollar credit card scam. He agreed to surrender to US Marshals under a provision within the Extradition Act. The decision is subject to approval by Canadian ministers, but this is considered nothing more than a formality.

Confessions in Cyberspace

3 March 2009 | The Times by Claudine Beaumont

Baring your soul online has always been popular, but now even Twitter users are able to indulge in a cyber confession. Services such as Kvetch! and SecretTweet enable Twitter users to share their innermost feelings online, hidden by a cloak of anonymity. Kvetch! — which has the tag-line: “Let it out, baby!” — is a site where users can post their thoughts, feelings and annoyances. Some are funny, others rude and offensive. All are searingly honest.

Gotcha!

Alleged Cisco hacker cornered by authorities (6 May 2009 | IDG News Services by Mikael Ricknas)

Council handled matter fairly (5 May 2009 | The Greenville News)

Two brothers among indictees in $4 million spam case (2 May 2009 | Computer World by Jaikumar Vijayan)

NASA hacker surrenders to U.S. (30 April 2009 | The Calgary Sun)

PC Tools Blogs

Torpig Botnet Academics

6 May 2009 | ThreatFire Research Blog

A handful of academic researchers recently completed another thorough and fascinating report about Torpig: “Taking over the Torpig Botnet”. Torpig is an especially evil little piece of Crimeware. Over the past couple of years, ThreatFire has been preventing fairly high numbers of Torpig/Sinowal/Anserin infections all over the world, keeping this bank account and credit card number snorting nastiness penned up. This morning, ThreatFire made bacon of another attempted Torpig infection, also known as Trojan.Anserin, Troj/Torpig-Gen, and Trojan-Spy.Win32.Small.dg.

A Recipe for Stolen Biscuits

30 April 2009 | ThreatFire Research Blog

As Koobface has proven, stealing biscuits can get malware distributors a long ways. Unfortunately, that hasn’t helped to drive some of these ultra-popular social networking sites to review the security of their authentication procedures. Another technique and tool has just been posted to abuse stolen biscuits, much like the Koobface worm, and it supports changing a wall without the password. The author claims to have just completed “FBController – The Ultimate Utility to Control Facebook accounts without the Password”.
